Bug 1572240 - Part 3: Introduce nsIHttpChannelInternal.contentBlockingAllowListPrincipal; r=michal

Differential Revision: https://phabricator.services.mozilla.com/D42204

--HG--
extra : moz-landing-system : lando
Ehsan Akhgari 2019-08-19 19:38:50 +00:00
Родитель e06a6e7ca6
Коммит 575c480fc5
23 изменённых файлов: 260 добавлений и 44 удалений


@ -15970,5 +15970,16 @@ bool Document::HasRecentlyStartedForegroundLoads() {
return false; return false;
} }
already_AddRefed<nsIPrincipal>
Document::RecomputeContentBlockingAllowListPrincipal(
nsIURI* aURIBeingLoaded, const OriginAttributes& aAttrs) {
AntiTrackingCommon::RecomputeContentBlockingAllowListPrincipal(
aURIBeingLoaded, aAttrs,
getter_AddRefs(mContentBlockingAllowListPrincipal));
nsCOMPtr<nsIPrincipal> copy = mContentBlockingAllowListPrincipal;
return copy.forget();
}
} // namespace dom } // namespace dom
} // namespace mozilla } // namespace mozilla
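Review bot: Passing `getter_AddRefs(mContentBlockingAllowListPrincipal)` straight into the recompute call clears the cached member before the new value is known, and every early return in AntiTrackingCommon::RecomputeContentBlockingAllowListPrincipal (empty host, failed NS_NewURI) leaves it null. After such a failure the document no longer holds the principal it had before the call, which other readers of `GetContentBlockingAllowListPrincipal()` may not expect (not verifiable from this hunk). Recomputing into a local `nsCOMPtr<nsIPrincipal>` and assigning the member only when the result is non-null would keep the previous value on failure. A one-line comment that this method overwrites the document's cached principal would also help callers.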


@ -574,6 +574,9 @@ class Document : public nsINode,
return mContentBlockingAllowListPrincipal; return mContentBlockingAllowListPrincipal;
} }
already_AddRefed<nsIPrincipal> RecomputeContentBlockingAllowListPrincipal(
nsIURI* aURIBeingLoaded, const OriginAttributes& aAttrs);
// EventTarget // EventTarget
void GetEventTargetParent(EventChainPreVisitor& aVisitor) override; void GetEventTargetParent(EventChainPreVisitor& aVisitor) override;
EventListenerManager* GetOrCreateListenerManager() override; EventListenerManager* GetOrCreateListenerManager() override;


@ -5,6 +5,7 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "ThirdPartyUtil.h" #include "ThirdPartyUtil.h"
#include "nsDocShell.h"
#include "nsGlobalWindowOuter.h" #include "nsGlobalWindowOuter.h"
#include "nsNetCID.h" #include "nsNetCID.h"
#include "nsNetUtil.h" #include "nsNetUtil.h"
@ -139,6 +140,43 @@ ThirdPartyUtil::GetURIFromWindow(mozIDOMWindowProxy* aWin, nsIURI** result) {
return rv; return rv;
} }
NS_IMETHODIMP
ThirdPartyUtil::GetContentBlockingAllowListPrincipalFromWindow(
mozIDOMWindowProxy* aWin, nsIURI* aURIBeingLoaded, nsIPrincipal** result) {
nsPIDOMWindowOuter* outerWindow = nsPIDOMWindowOuter::From(aWin);
nsPIDOMWindowInner* innerWindow = outerWindow->GetCurrentInnerWindow();
Document* doc = innerWindow ? innerWindow->GetExtantDoc() : nullptr;
if (!doc) {
return GetPrincipalFromWindow(aWin, result);
}
nsCOMPtr<nsIPrincipal> principal =
doc->GetContentBlockingAllowListPrincipal();
if (aURIBeingLoaded && principal && principal->GetIsNullPrincipal()) {
// If we have an initial principal during navigation, recompute it to get
// the real content blocking allow list principal.
nsIDocShell* docShell = doc->GetDocShell();
OriginAttributes attrs =
docShell ? nsDocShell::Cast(docShell)->GetOriginAttributes()
: OriginAttributes();
principal =
doc->RecomputeContentBlockingAllowListPrincipal(aURIBeingLoaded, attrs);
}
if (!principal || !principal->GetIsContentPrincipal()) {
// This is for compatibility with GetURIFromWindow. Null principals are
// explicitly special cased there. GetURI returns nullptr for
// SystemPrincipal and ExpandedPrincipal.
LOG(
("ThirdPartyUtil::GetContentBlockingAllowListPrincipalFromWindow can't "
"use null principal\n"));
return NS_ERROR_INVALID_ARG;
}
principal.forget(result);
return NS_OK;
}
// Determine if aFirstURI is third party with respect to aSecondURI. See docs // Determine if aFirstURI is third party with respect to aSecondURI. See docs
// for mozIThirdPartyUtil. // for mozIThirdPartyUtil.
NS_IMETHODIMP NS_IMETHODIMP
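Review bot: `outerWindow` is dereferenced on the second line of GetContentBlockingAllowListPrincipalFromWindow without a null check, so a null `aWin` crashes here instead of returning an error; `if (!outerWindow) return NS_ERROR_INVALID_ARG;` before the `GetCurrentInnerWindow()` call would close that. Separately, the recompute branch is taken for any null principal, not only for the initial document during navigation that the comment describes. If other null-principal top-level documents can reach this path (not verifiable from the hunk), the allow-list principal would be derived from whichever URI the first calling channel passes in, so a comment or assertion stating which callers may supply `aURIBeingLoaded` would make the constraint explicit. The log text also says "can't use null principal" although the branch rejects a missing principal and every non-content principal as well.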


@ -177,6 +177,15 @@ interface mozIThirdPartyUtil : nsISupports
*/ */
nsIPrincipal getPrincipalFromWindow(in mozIDOMWindowProxy aWindow); nsIPrincipal getPrincipalFromWindow(in mozIDOMWindowProxy aWindow);
/**
* getContentBlockingAllowListPrincipalFromWindow
*
* Returns the content blocking allow list principal for the window.
*/
[noscript]
nsIPrincipal getContentBlockingAllowListPrincipalFromWindow(in mozIDOMWindowProxy aWindow,
[optional] in nsIURI aURIBeingLoaded);
/** /**
* getTopWindowForChannel * getTopWindowForChannel
* *
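Review bot: The doc comment for getContentBlockingAllowListPrincipalFromWindow does not mention `aURIBeingLoaded`, although passing it changes behaviour: in the C++ implementation it triggers a recompute of the document's allow-list principal when the current one is a null principal. Suggested addition: `@param aURIBeingLoaded optional; when given and the window's document still has a null principal, the principal is recomputed from this URI`, plus a line stating that the call fails with NS_ERROR_INVALID_ARG when no content principal is available.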


@ -234,6 +234,7 @@ struct HttpChannelOpenArgs
nsIReferrerInfo referrerInfo; nsIReferrerInfo referrerInfo;
URIParams? apiRedirectTo; URIParams? apiRedirectTo;
URIParams? topWindowURI; URIParams? topWindowURI;
OptionalPrincipalInfo contentBlockingAllowListPrincipal;
uint32_t loadFlags; uint32_t loadFlags;
RequestHeaderTuples requestHeaders; RequestHeaderTuples requestHeaders;
nsCString requestMethod; nsCString requestMethod;


@ -418,8 +418,9 @@ mozilla::ipc::IPCResult NeckoChild::RecvNetworkChangeNotification(
} }
PClassifierDummyChannelChild* NeckoChild::AllocPClassifierDummyChannelChild( PClassifierDummyChannelChild* NeckoChild::AllocPClassifierDummyChannelChild(
nsIURI* aURI, nsIURI* aTopWindowURI, const nsresult& aTopWindowURIResult, nsIURI* aURI, nsIURI* aTopWindowURI,
const Maybe<LoadInfoArgs>& aLoadInfo) { nsIPrincipal* aContentBlockingAllowListPrincipal,
const nsresult& aTopWindowURIResult, const Maybe<LoadInfoArgs>& aLoadInfo) {
return new ClassifierDummyChannelChild(); return new ClassifierDummyChannelChild();
} }


@ -93,7 +93,9 @@ class NeckoChild : public PNeckoChild {
mozilla::ipc::IPCResult RecvNetworkChangeNotification(nsCString const& type); mozilla::ipc::IPCResult RecvNetworkChangeNotification(nsCString const& type);
PClassifierDummyChannelChild* AllocPClassifierDummyChannelChild( PClassifierDummyChannelChild* AllocPClassifierDummyChannelChild(
nsIURI* aURI, nsIURI* aTopWindowURI, const nsresult& aTopWindowURIResult, nsIURI* aURI, nsIURI* aTopWindowURI,
nsIPrincipal* aContentBlockingAllowListPrincipal,
const nsresult& aTopWindowURIResult,
const Maybe<LoadInfoArgs>& aLoadInfo); const Maybe<LoadInfoArgs>& aLoadInfo);
bool DeallocPClassifierDummyChannelChild( bool DeallocPClassifierDummyChannelChild(


@ -905,14 +905,16 @@ mozilla::ipc::IPCResult NeckoParent::RecvGetExtensionFD(
} }
PClassifierDummyChannelParent* NeckoParent::AllocPClassifierDummyChannelParent( PClassifierDummyChannelParent* NeckoParent::AllocPClassifierDummyChannelParent(
nsIURI* aURI, nsIURI* aTopWindowURI, const nsresult& aTopWindowURIResult, nsIURI* aURI, nsIURI* aTopWindowURI,
const Maybe<LoadInfoArgs>& aLoadInfo) { nsIPrincipal* aContentBlockingAllowListPrincipal,
const nsresult& aTopWindowURIResult, const Maybe<LoadInfoArgs>& aLoadInfo) {
RefPtr<ClassifierDummyChannelParent> c = new ClassifierDummyChannelParent(); RefPtr<ClassifierDummyChannelParent> c = new ClassifierDummyChannelParent();
return c.forget().take(); return c.forget().take();
} }
mozilla::ipc::IPCResult NeckoParent::RecvPClassifierDummyChannelConstructor( mozilla::ipc::IPCResult NeckoParent::RecvPClassifierDummyChannelConstructor(
PClassifierDummyChannelParent* aActor, nsIURI* aURI, nsIURI* aTopWindowURI, PClassifierDummyChannelParent* aActor, nsIURI* aURI, nsIURI* aTopWindowURI,
nsIPrincipal* aContentBlockingAllowListPrincipal,
const nsresult& aTopWindowURIResult, const Maybe<LoadInfoArgs>& aLoadInfo) { const nsresult& aTopWindowURIResult, const Maybe<LoadInfoArgs>& aLoadInfo) {
ClassifierDummyChannelParent* p = ClassifierDummyChannelParent* p =
static_cast<ClassifierDummyChannelParent*>(aActor); static_cast<ClassifierDummyChannelParent*>(aActor);
@ -927,7 +929,8 @@ mozilla::ipc::IPCResult NeckoParent::RecvPClassifierDummyChannelConstructor(
return IPC_FAIL_NO_REASON(this); return IPC_FAIL_NO_REASON(this);
} }
p->Init(aURI, aTopWindowURI, aTopWindowURIResult, loadInfo); p->Init(aURI, aTopWindowURI, aContentBlockingAllowListPrincipal,
aTopWindowURIResult, loadInfo);
return IPC_OK(); return IPC_OK();
} }
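Review bot: `aContentBlockingAllowListPrincipal` arrives from the content process and is handed to `p->Init(...)` unchanged in RecvPClassifierDummyChannelConstructor, so the parent-side classifier works with whatever principal the child supplied. The in-process path in ThirdPartyUtil only ever yields a content principal, and the parent could enforce the same invariant before `Init`, e.g. `if (aContentBlockingAllowListPrincipal && !aContentBlockingAllowListPrincipal->GetIsContentPrincipal()) return IPC_FAIL_NO_REASON(this);`. The same applies to HttpChannelParent::DoAsyncOpen, where the result of `PrincipalInfoToPrincipal` reaches `SetContentBlockingAllowListPrincipal` with only a null check. Part of this function's body lies between the two hunks and is not shown, so whether a stricter comparison against the top-level window is feasible here cannot be judged from the page.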


@ -224,7 +224,9 @@ class NeckoParent : public PNeckoParent {
GetExtensionFDResolver&& aResolve); GetExtensionFDResolver&& aResolve);
PClassifierDummyChannelParent* AllocPClassifierDummyChannelParent( PClassifierDummyChannelParent* AllocPClassifierDummyChannelParent(
nsIURI* aURI, nsIURI* aTopWindowURI, const nsresult& aTopWindowURIResult, nsIURI* aURI, nsIURI* aTopWindowURI,
nsIPrincipal* aContentBlockingAllowListPrincipal,
const nsresult& aTopWindowURIResult,
const Maybe<LoadInfoArgs>& aLoadInfo); const Maybe<LoadInfoArgs>& aLoadInfo);
bool DeallocPClassifierDummyChannelParent( bool DeallocPClassifierDummyChannelParent(
@ -232,7 +234,8 @@ class NeckoParent : public PNeckoParent {
virtual mozilla::ipc::IPCResult RecvPClassifierDummyChannelConstructor( virtual mozilla::ipc::IPCResult RecvPClassifierDummyChannelConstructor(
PClassifierDummyChannelParent* aActor, nsIURI* aURI, PClassifierDummyChannelParent* aActor, nsIURI* aURI,
nsIURI* aTopWindowURI, const nsresult& aTopWindowURIResult, nsIURI* aTopWindowURI, nsIPrincipal* aContentBlockingAllowListPrincipal,
const nsresult& aTopWindowURIResult,
const Maybe<LoadInfoArgs>& aLoadInfo) override; const Maybe<LoadInfoArgs>& aLoadInfo) override;
mozilla::ipc::IPCResult RecvInitSocketProcessBridge( mozilla::ipc::IPCResult RecvInitSocketProcessBridge(


@ -116,6 +116,7 @@ parent:
async PChannelDiverter(ChannelDiverterArgs channel); async PChannelDiverter(ChannelDiverterArgs channel);
async PClassifierDummyChannel(nsIURI uri, nsIURI aTopWindowURI, async PClassifierDummyChannel(nsIURI uri, nsIURI aTopWindowURI,
nsIPrincipal contentBlockingAllowListPrincipal,
nsresult aTopWindowURIResult, nsresult aTopWindowURIResult,
LoadInfoArgs? loadInfo); LoadInfoArgs? loadInfo);


@ -77,11 +77,12 @@ NS_INTERFACE_MAP_BEGIN(ClassifierDummyChannel)
NS_INTERFACE_MAP_ENTRY_CONCRETE(ClassifierDummyChannel) NS_INTERFACE_MAP_ENTRY_CONCRETE(ClassifierDummyChannel)
NS_INTERFACE_MAP_END NS_INTERFACE_MAP_END
ClassifierDummyChannel::ClassifierDummyChannel(nsIURI* aURI, ClassifierDummyChannel::ClassifierDummyChannel(
nsIURI* aTopWindowURI, nsIURI* aURI, nsIURI* aTopWindowURI,
nsresult aTopWindowURIResult, nsIPrincipal* aContentBlockingAllowListPrincipal,
nsILoadInfo* aLoadInfo) nsresult aTopWindowURIResult, nsILoadInfo* aLoadInfo)
: mTopWindowURI(aTopWindowURI), : mTopWindowURI(aTopWindowURI),
mContentBlockingAllowListPrincipal(aContentBlockingAllowListPrincipal),
mTopWindowURIResult(aTopWindowURIResult), mTopWindowURIResult(aTopWindowURIResult),
mClassificationFlags(0) { mClassificationFlags(0) {
MOZ_ASSERT(XRE_IsParentProcess()); MOZ_ASSERT(XRE_IsParentProcess());
@ -97,6 +98,9 @@ ClassifierDummyChannel::~ClassifierDummyChannel() {
mURI.forget()); mURI.forget());
NS_ReleaseOnMainThreadSystemGroup("ClassifierDummyChannel::mTopWindowURI", NS_ReleaseOnMainThreadSystemGroup("ClassifierDummyChannel::mTopWindowURI",
mTopWindowURI.forget()); mTopWindowURI.forget());
NS_ReleaseOnMainThreadSystemGroup(
"ClassifierDummyChannel::mContentBlockingAllowListPrincipal",
mContentBlockingAllowListPrincipal.forget());
} }
uint32_t ClassifierDummyChannel::ClassificationFlags() const { uint32_t ClassifierDummyChannel::ClassificationFlags() const {
@ -555,6 +559,14 @@ ClassifierDummyChannel::GetTopWindowURI(nsIURI** aTopWindowURI) {
return mTopWindowURIResult; return mTopWindowURIResult;
} }
NS_IMETHODIMP
ClassifierDummyChannel::GetContentBlockingAllowListPrincipal(
nsIPrincipal** aPrincipal) {
nsCOMPtr<nsIPrincipal> copy = mContentBlockingAllowListPrincipal;
copy.forget(aPrincipal);
return NS_OK;
}
NS_IMETHODIMP NS_IMETHODIMP
ClassifierDummyChannel::SetTopWindowURIIfUnknown(nsIURI* aTopWindowURI) { ClassifierDummyChannel::SetTopWindowURIIfUnknown(nsIURI* aTopWindowURI) {
return NS_ERROR_NOT_IMPLEMENTED; return NS_ERROR_NOT_IMPLEMENTED;


@ -19,6 +19,7 @@
} }
class nsIChannel; class nsIChannel;
class nsIPrincipal;
namespace mozilla { namespace mozilla {
namespace net { namespace net {
@ -64,6 +65,7 @@ class ClassifierDummyChannel final : public nsIChannel,
nsIChannel* aChannel, const std::function<void(bool)>& aCallback); nsIChannel* aChannel, const std::function<void(bool)>& aCallback);
ClassifierDummyChannel(nsIURI* aURI, nsIURI* aTopWindowURI, ClassifierDummyChannel(nsIURI* aURI, nsIURI* aTopWindowURI,
nsIPrincipal* aContentBlockingAllowListPrincipal,
nsresult aTopWindowURIResult, nsILoadInfo* aLoadInfo); nsresult aTopWindowURIResult, nsILoadInfo* aLoadInfo);
uint32_t ClassificationFlags() const; uint32_t ClassificationFlags() const;
@ -76,6 +78,7 @@ class ClassifierDummyChannel final : public nsIChannel,
nsCOMPtr<nsILoadInfo> mLoadInfo; nsCOMPtr<nsILoadInfo> mLoadInfo;
nsCOMPtr<nsIURI> mURI; nsCOMPtr<nsIURI> mURI;
nsCOMPtr<nsIURI> mTopWindowURI; nsCOMPtr<nsIURI> mTopWindowURI;
nsCOMPtr<nsIPrincipal> mContentBlockingAllowListPrincipal;
nsresult mTopWindowURIResult; nsresult mTopWindowURIResult;
uint32_t mClassificationFlags; uint32_t mClassificationFlags;


@ -33,13 +33,18 @@ bool ClassifierDummyChannelChild::Create(
nsresult topWindowURIResult = nsresult topWindowURIResult =
httpChannelInternal->GetTopWindowURI(getter_AddRefs(topWindowURI)); httpChannelInternal->GetTopWindowURI(getter_AddRefs(topWindowURI));
nsCOMPtr<nsIPrincipal> principal;
nsresult rv = httpChannelInternal->GetContentBlockingAllowListPrincipal(
getter_AddRefs(principal));
MOZ_ALWAYS_SUCCEEDS(rv);
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo(); nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
Maybe<LoadInfoArgs> loadInfoArgs; Maybe<LoadInfoArgs> loadInfoArgs;
mozilla::ipc::LoadInfoToLoadInfoArgs(loadInfo, &loadInfoArgs); mozilla::ipc::LoadInfoToLoadInfoArgs(loadInfo, &loadInfoArgs);
PClassifierDummyChannelChild* actor = PClassifierDummyChannelChild* actor =
gNeckoChild->SendPClassifierDummyChannelConstructor( gNeckoChild->SendPClassifierDummyChannelConstructor(
aURI, topWindowURI, topWindowURIResult, loadInfoArgs); aURI, topWindowURI, principal, topWindowURIResult, loadInfoArgs);
if (!actor) { if (!actor) {
return false; return false;
} }


@ -19,9 +19,10 @@ ClassifierDummyChannelParent::ClassifierDummyChannelParent()
ClassifierDummyChannelParent::~ClassifierDummyChannelParent() = default; ClassifierDummyChannelParent::~ClassifierDummyChannelParent() = default;
void ClassifierDummyChannelParent::Init(nsIURI* aURI, nsIURI* aTopWindowURI, void ClassifierDummyChannelParent::Init(
nsresult aTopWindowURIResult, nsIURI* aURI, nsIURI* aTopWindowURI,
nsILoadInfo* aLoadInfo) { nsIPrincipal* aContentBlockingAllowListPrincipal,
nsresult aTopWindowURIResult, nsILoadInfo* aLoadInfo) {
MOZ_ASSERT(mIPCActive); MOZ_ASSERT(mIPCActive);
RefPtr<ClassifierDummyChannelParent> self = this; RefPtr<ClassifierDummyChannelParent> self = this;
@ -33,7 +34,8 @@ void ClassifierDummyChannelParent::Init(nsIURI* aURI, nsIURI* aTopWindowURI,
} }
RefPtr<ClassifierDummyChannel> channel = new ClassifierDummyChannel( RefPtr<ClassifierDummyChannel> channel = new ClassifierDummyChannel(
aURI, aTopWindowURI, aTopWindowURIResult, aLoadInfo); aURI, aTopWindowURI, aContentBlockingAllowListPrincipal,
aTopWindowURIResult, aLoadInfo);
bool willCallback = NS_SUCCEEDED(AsyncUrlChannelClassifier::CheckChannel( bool willCallback = NS_SUCCEEDED(AsyncUrlChannelClassifier::CheckChannel(
channel, [self = std::move(self), channel]() { channel, [self = std::move(self), channel]() {


@ -23,8 +23,9 @@ class ClassifierDummyChannelParent final
ClassifierDummyChannelParent(); ClassifierDummyChannelParent();
void Init(nsIURI* aURI, nsIURI* aTopWindowURI, nsresult aTopWindowURIResult, void Init(nsIURI* aURI, nsIURI* aTopWindowURI,
nsILoadInfo* aLoadInfo); nsIPrincipal* aContentBlockingAllowListPrincipal,
nsresult aTopWindowURIResult, nsILoadInfo* aLoadInfo);
private: private:
~ClassifierDummyChannelParent(); ~ClassifierDummyChannelParent();


@ -298,6 +298,7 @@ void HttpBaseChannel::ReleaseMainThreadOnlyReferences() {
arrayToRelease.AppendElement(mProxyURI.forget()); arrayToRelease.AppendElement(mProxyURI.forget());
arrayToRelease.AppendElement(mPrincipal.forget()); arrayToRelease.AppendElement(mPrincipal.forget());
arrayToRelease.AppendElement(mTopWindowURI.forget()); arrayToRelease.AppendElement(mTopWindowURI.forget());
arrayToRelease.AppendElement(mContentBlockingAllowListPrincipal.forget());
arrayToRelease.AppendElement(mListener.forget()); arrayToRelease.AppendElement(mListener.forget());
arrayToRelease.AppendElement(mCompressListener.forget()); arrayToRelease.AppendElement(mCompressListener.forget());
@ -2052,6 +2053,12 @@ nsresult HttpBaseChannel::GetTopWindowURI(nsIURI* aURIBeingLoaded,
} }
} }
#endif #endif
if (!mContentBlockingAllowListPrincipal) {
Unused << util->GetContentBlockingAllowListPrincipalFromWindow(
win, aURIBeingLoaded,
getter_AddRefs(mContentBlockingAllowListPrincipal));
}
} }
} }
NS_IF_ADDREF(*aTopWindowURI = mTopWindowURI); NS_IF_ADDREF(*aTopWindowURI = mTopWindowURI);
@ -2066,6 +2073,27 @@ HttpBaseChannel::GetDocumentURI(nsIURI** aDocumentURI) {
return NS_OK; return NS_OK;
} }
NS_IMETHODIMP
HttpBaseChannel::GetContentBlockingAllowListPrincipal(
nsIPrincipal** aPrincipal) {
NS_ENSURE_ARG_POINTER(aPrincipal);
if (!mContentBlockingAllowListPrincipal) {
if (!mTopWindowURI) {
// If mTopWindowURI is null, it's possible that these two fields haven't
// been initialized yet. GetTopWindowURI will lazily initilize both
// fields for us.
nsCOMPtr<nsIURI> throwAway;
Unused << GetTopWindowURI(getter_AddRefs(throwAway));
} else {
// Otherwise, the content blocking allow list principal is null (which is
// possible), so just return what we have...
}
}
nsCOMPtr<nsIPrincipal> copy = mContentBlockingAllowListPrincipal;
copy.forget(aPrincipal);
return NS_OK;
}
NS_IMETHODIMP NS_IMETHODIMP
HttpBaseChannel::SetDocumentURI(nsIURI* aDocumentURI) { HttpBaseChannel::SetDocumentURI(nsIURI* aDocumentURI) {
ENSURE_CALLED_BEFORE_CONNECT(); ENSURE_CALLED_BEFORE_CONNECT();
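Review bot: GetContentBlockingAllowListPrincipal() returns NS_OK with `*aPrincipal` set to null when no principal could be determined, and that contract is only stated inside the empty `else` branch. The comment-only `else` can be dropped and the explanation moved above the outer `if`, and the attribute's doc comment in nsIHttpChannelInternal should carry the same contract, e.g. `May be null when no allow-list principal could be determined.`. Callers such as ClassifierDummyChannelChild::Create forward the value without a null check, so the contract matters to them. In the GetTopWindowURI hunk the result of `GetContentBlockingAllowListPrincipalFromWindow` is discarded with `Unused <<`; a one-line comment that failure intentionally leaves the member null would make that explicit.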


@ -299,6 +299,8 @@ class HttpBaseChannel : public nsHashPropertyBag,
NS_IMETHOD GetFetchCacheMode(uint32_t* aFetchCacheMode) override; NS_IMETHOD GetFetchCacheMode(uint32_t* aFetchCacheMode) override;
NS_IMETHOD SetFetchCacheMode(uint32_t aFetchCacheMode) override; NS_IMETHOD SetFetchCacheMode(uint32_t aFetchCacheMode) override;
NS_IMETHOD GetTopWindowURI(nsIURI** aTopWindowURI) override; NS_IMETHOD GetTopWindowURI(nsIURI** aTopWindowURI) override;
NS_IMETHOD GetContentBlockingAllowListPrincipal(
nsIPrincipal** aPrincipal) override;
NS_IMETHOD SetTopWindowURIIfUnknown(nsIURI* aTopWindowURI) override; NS_IMETHOD SetTopWindowURIIfUnknown(nsIURI* aTopWindowURI) override;
NS_IMETHOD GetProxyURI(nsIURI** proxyURI) override; NS_IMETHOD GetProxyURI(nsIURI** proxyURI) override;
virtual void SetCorsPreflightParameters( virtual void SetCorsPreflightParameters(
@ -464,6 +466,10 @@ class HttpBaseChannel : public nsHashPropertyBag,
return NS_OK; return NS_OK;
} }
void SetContentBlockingAllowListPrincipal(nsIPrincipal* aPrincipal) {
mContentBlockingAllowListPrincipal = aPrincipal;
}
// Set referrerInfo and compute the referrer header if neccessary. // Set referrerInfo and compute the referrer header if neccessary.
nsresult SetReferrerInfo(nsIReferrerInfo* aReferrerInfo, bool aClone, nsresult SetReferrerInfo(nsIReferrerInfo* aReferrerInfo, bool aClone,
bool aCompute); bool aCompute);
@ -572,6 +578,7 @@ class HttpBaseChannel : public nsHashPropertyBag,
nsCOMPtr<nsIURI> mProxyURI; nsCOMPtr<nsIURI> mProxyURI;
nsCOMPtr<nsIPrincipal> mPrincipal; nsCOMPtr<nsIPrincipal> mPrincipal;
nsCOMPtr<nsIURI> mTopWindowURI; nsCOMPtr<nsIURI> mTopWindowURI;
nsCOMPtr<nsIPrincipal> mContentBlockingAllowListPrincipal;
nsCOMPtr<nsIStreamListener> mListener; nsCOMPtr<nsIStreamListener> mListener;
// An instance of nsHTTPCompressConv // An instance of nsHTTPCompressConv
nsCOMPtr<nsIStreamListener> mCompressListener; nsCOMPtr<nsIStreamListener> mCompressListener;


@ -2840,12 +2840,25 @@ nsresult HttpChannelChild::ContinueAsyncOpen() {
Maybe<CorsPreflightArgs> optionalCorsPreflightArgs; Maybe<CorsPreflightArgs> optionalCorsPreflightArgs;
GetClientSetCorsPreflightParameters(optionalCorsPreflightArgs); GetClientSetCorsPreflightParameters(optionalCorsPreflightArgs);
// NB: This call forces us to cache mTopWindowURI if we haven't already. // NB: This call forces us to cache mTopWindowURI and
// mContentBlockingAllowListPrincipal if we haven't already.
nsCOMPtr<nsIURI> uri; nsCOMPtr<nsIURI> uri;
GetTopWindowURI(mURI, getter_AddRefs(uri)); GetTopWindowURI(mURI, getter_AddRefs(uri));
SerializeURI(mTopWindowURI, openArgs.topWindowURI()); SerializeURI(mTopWindowURI, openArgs.topWindowURI());
if (mContentBlockingAllowListPrincipal) {
PrincipalInfo principalInfo;
rv = PrincipalToPrincipalInfo(mContentBlockingAllowListPrincipal,
&principalInfo);
if (NS_WARN_IF(NS_FAILED(rv))) {
return rv;
}
openArgs.contentBlockingAllowListPrincipal() = principalInfo;
} else {
openArgs.contentBlockingAllowListPrincipal() = void_t();
}
openArgs.preflightArgs() = optionalCorsPreflightArgs; openArgs.preflightArgs() = optionalCorsPreflightArgs;
openArgs.uploadStreamHasHeaders() = mUploadStreamHasHeaders; openArgs.uploadStreamHasHeaders() = mUploadStreamHasHeaders;


@ -133,14 +133,21 @@ bool HttpChannelParent::Init(const HttpChannelCreationArgs& aArgs) {
switch (aArgs.type()) { switch (aArgs.type()) {
case HttpChannelCreationArgs::THttpChannelOpenArgs: { case HttpChannelCreationArgs::THttpChannelOpenArgs: {
const HttpChannelOpenArgs& a = aArgs.get_HttpChannelOpenArgs(); const HttpChannelOpenArgs& a = aArgs.get_HttpChannelOpenArgs();
PrincipalInfo contentBlockingAllowListPrincipal;
if (a.contentBlockingAllowListPrincipal().type() ==
OptionalPrincipalInfo::TPrincipalInfo) {
contentBlockingAllowListPrincipal =
a.contentBlockingAllowListPrincipal();
}
return DoAsyncOpen( return DoAsyncOpen(
a.uri(), a.original(), a.doc(), a.referrerInfo(), a.apiRedirectTo(), a.uri(), a.original(), a.doc(), a.referrerInfo(), a.apiRedirectTo(),
a.topWindowURI(), a.loadFlags(), a.requestHeaders(), a.topWindowURI(), contentBlockingAllowListPrincipal, a.loadFlags(),
a.requestMethod(), a.uploadStream(), a.uploadStreamHasHeaders(), a.requestHeaders(), a.requestMethod(), a.uploadStream(),
a.priority(), a.classOfService(), a.redirectionLimit(), a.allowSTS(), a.uploadStreamHasHeaders(), a.priority(), a.classOfService(),
a.thirdPartyFlags(), a.resumeAt(), a.startPos(), a.entityID(), a.redirectionLimit(), a.allowSTS(), a.thirdPartyFlags(), a.resumeAt(),
a.chooseApplicationCache(), a.appCacheClientID(), a.allowSpdy(), a.startPos(), a.entityID(), a.chooseApplicationCache(),
a.allowAltSvc(), a.beConservative(), a.tlsFlags(), a.loadInfo(), a.appCacheClientID(), a.allowSpdy(), a.allowAltSvc(),
a.beConservative(), a.tlsFlags(), a.loadInfo(),
a.synthesizedResponseHead(), a.synthesizedSecurityInfoSerialization(), a.synthesizedResponseHead(), a.synthesizedSecurityInfoSerialization(),
a.cacheKey(), a.requestContextID(), a.preflightArgs(), a.cacheKey(), a.requestContextID(), a.preflightArgs(),
a.initialRwin(), a.blockAuthPrompt(), a.initialRwin(), a.blockAuthPrompt(),
@ -382,13 +389,14 @@ bool HttpChannelParent::DoAsyncOpen(
const URIParams& aURI, const Maybe<URIParams>& aOriginalURI, const URIParams& aURI, const Maybe<URIParams>& aOriginalURI,
const Maybe<URIParams>& aDocURI, nsIReferrerInfo* aReferrerInfo, const Maybe<URIParams>& aDocURI, nsIReferrerInfo* aReferrerInfo,
const Maybe<URIParams>& aAPIRedirectToURI, const Maybe<URIParams>& aAPIRedirectToURI,
const Maybe<URIParams>& aTopWindowURI, const uint32_t& aLoadFlags, const Maybe<URIParams>& aTopWindowURI,
const RequestHeaderTuples& requestHeaders, const nsCString& requestMethod, const PrincipalInfo& aContentBlockingAllowListPrincipal,
const Maybe<IPCStream>& uploadStream, const bool& uploadStreamHasHeaders, const uint32_t& aLoadFlags, const RequestHeaderTuples& requestHeaders,
const int16_t& priority, const uint32_t& classOfService, const nsCString& requestMethod, const Maybe<IPCStream>& uploadStream,
const uint8_t& redirectionLimit, const bool& allowSTS, const bool& uploadStreamHasHeaders, const int16_t& priority,
const uint32_t& thirdPartyFlags, const bool& doResumeAt, const uint32_t& classOfService, const uint8_t& redirectionLimit,
const uint64_t& startPos, const nsCString& entityID, const bool& allowSTS, const uint32_t& thirdPartyFlags,
const bool& doResumeAt, const uint64_t& startPos, const nsCString& entityID,
const bool& chooseApplicationCache, const nsCString& appCacheClientID, const bool& chooseApplicationCache, const nsCString& appCacheClientID,
const bool& allowSpdy, const bool& allowAltSvc, const bool& beConservative, const bool& allowSpdy, const bool& allowAltSvc, const bool& beConservative,
const uint32_t& tlsFlags, const Maybe<LoadInfoArgs>& aLoadInfoArgs, const uint32_t& tlsFlags, const Maybe<LoadInfoArgs>& aLoadInfoArgs,
@ -424,6 +432,10 @@ bool HttpChannelParent::DoAsyncOpen(
nsCOMPtr<nsIURI> docUri = DeserializeURI(aDocURI); nsCOMPtr<nsIURI> docUri = DeserializeURI(aDocURI);
nsCOMPtr<nsIURI> apiRedirectToUri = DeserializeURI(aAPIRedirectToURI); nsCOMPtr<nsIURI> apiRedirectToUri = DeserializeURI(aAPIRedirectToURI);
nsCOMPtr<nsIURI> topWindowUri = DeserializeURI(aTopWindowURI); nsCOMPtr<nsIURI> topWindowUri = DeserializeURI(aTopWindowURI);
nsCOMPtr<nsIPrincipal> contentBlockingAllowListPrincipal =
(aContentBlockingAllowListPrincipal.type() != PrincipalInfo::T__None)
? PrincipalInfoToPrincipal(aContentBlockingAllowListPrincipal)
: nullptr;
LOG(("HttpChannelParent RecvAsyncOpen [this=%p uri=%s, gid=%" PRIu64 LOG(("HttpChannelParent RecvAsyncOpen [this=%p uri=%s, gid=%" PRIu64
" topwinid=%" PRIx64 "]\n", " topwinid=%" PRIx64 "]\n",
@ -490,6 +502,11 @@ bool HttpChannelParent::DoAsyncOpen(
MOZ_ASSERT(NS_SUCCEEDED(rv)); MOZ_ASSERT(NS_SUCCEEDED(rv));
} }
if (contentBlockingAllowListPrincipal) {
httpChannel->SetContentBlockingAllowListPrincipal(
contentBlockingAllowListPrincipal);
}
if (aLoadFlags != nsIRequest::LOAD_NORMAL) if (aLoadFlags != nsIRequest::LOAD_NORMAL)
httpChannel->SetLoadFlags(aLoadFlags); httpChannel->SetLoadFlags(aLoadFlags);
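Review bot: The "no principal" case is encoded in two different ways: Init() turns a missing `OptionalPrincipalInfo` into a default-constructed `PrincipalInfo`, and DoAsyncOpen() then detects it with `type() != PrincipalInfo::T__None`. Passing `const Maybe<PrincipalInfo>&`, like the neighbouring optional URI arguments, would make the optionality part of the signature instead of relying on the union's unset tag. If the current form stays, a comment at the `T__None` test saying that it means the child sent no principal would help the next reader. DoAsyncOpen's body starts and ends outside these hunks.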


@ -151,17 +151,18 @@ class HttpChannelParent final : public nsIInterfaceRequestor,
const URIParams& uri, const Maybe<URIParams>& originalUri, const URIParams& uri, const Maybe<URIParams>& originalUri,
const Maybe<URIParams>& docUri, nsIReferrerInfo* aReferrerInfo, const Maybe<URIParams>& docUri, nsIReferrerInfo* aReferrerInfo,
const Maybe<URIParams>& internalRedirectUri, const Maybe<URIParams>& internalRedirectUri,
const Maybe<URIParams>& topWindowUri, const uint32_t& loadFlags, const Maybe<URIParams>& topWindowUri,
const RequestHeaderTuples& requestHeaders, const nsCString& requestMethod, const PrincipalInfo& aContentBlockingAllowListPrincipal,
const Maybe<IPCStream>& uploadStream, const bool& uploadStreamHasHeaders, const uint32_t& loadFlags, const RequestHeaderTuples& requestHeaders,
const int16_t& priority, const uint32_t& classOfService, const nsCString& requestMethod, const Maybe<IPCStream>& uploadStream,
const uint8_t& redirectionLimit, const bool& allowSTS, const bool& uploadStreamHasHeaders, const int16_t& priority,
const uint32_t& thirdPartyFlags, const bool& doResumeAt, const uint32_t& classOfService, const uint8_t& redirectionLimit,
const uint64_t& startPos, const nsCString& entityID, const bool& allowSTS, const uint32_t& thirdPartyFlags,
const bool& chooseApplicationCache, const nsCString& appCacheClientID, const bool& doResumeAt, const uint64_t& startPos,
const bool& allowSpdy, const bool& allowAltSvc, const nsCString& entityID, const bool& chooseApplicationCache,
const bool& beConservative, const uint32_t& tlsFlags, const nsCString& appCacheClientID, const bool& allowSpdy,
const Maybe<LoadInfoArgs>& aLoadInfoArgs, const bool& allowAltSvc, const bool& beConservative,
const uint32_t& tlsFlags, const Maybe<LoadInfoArgs>& aLoadInfoArgs,
const Maybe<nsHttpResponseHead>& aSynthesizedResponseHead, const Maybe<nsHttpResponseHead>& aSynthesizedResponseHead,
const nsCString& aSecurityInfoSerialization, const uint32_t& aCacheKey, const nsCString& aSecurityInfoSerialization, const uint32_t& aCacheKey,
const uint64_t& aRequestContextID, const uint64_t& aRequestContextID,


@ -305,6 +305,12 @@ interface nsIHttpChannelInternal : nsISupports
*/ */
[must_use] readonly attribute nsIURI topWindowURI; [must_use] readonly attribute nsIURI topWindowURI;
/**
* The content blocking allow list principal belonging to the document
* loaded in the top-level window that's associated with this channel.
*/
[must_use, noscript] readonly attribute nsIPrincipal contentBlockingAllowListPrincipal;
/** /**
* Set top-level window URI to this channel only when the topWindowURI * Set top-level window URI to this channel only when the topWindowURI
* is null and there is no window associated to this channel. * is null and there is no window associated to this channel.


@ -1955,6 +1955,49 @@ nsresult AntiTrackingCommon::IsOnContentBlockingAllowList(
principal.forget(aPrincipal); principal.forget(aPrincipal);
} }
/* static */ void
AntiTrackingCommon::RecomputeContentBlockingAllowListPrincipal(
nsIURI* aURIBeingLoaded, const OriginAttributes& aAttrs,
nsIPrincipal** aPrincipal) {
MOZ_ASSERT(aPrincipal);
auto returnInputArgument = MakeScopeExit([&] { *aPrincipal = nullptr; });
// Take the host/port portion so we can allowlist by site. Also ignore the
// scheme, since users who put sites on the allowlist probably don't expect
// allowlisting to depend on scheme.
nsAutoCString escaped(NS_LITERAL_CSTRING("https://"));
nsAutoCString temp;
nsresult rv = aURIBeingLoaded->GetHostPort(temp);
// view-source URIs will be handled by the next block.
if (NS_FAILED(rv) && !aURIBeingLoaded->SchemeIs("view-source")) {
// Normal for some loads, no need to print a warning
return;
}
// GetHostPort returns an empty string (with a success error code) for file://
// URIs.
if (temp.IsEmpty()) {
return;
}
escaped.Append(temp);
nsCOMPtr<nsIURI> uri;
rv = NS_NewURI(getter_AddRefs(uri), escaped);
if (NS_WARN_IF(NS_FAILED(rv))) {
return;
}
nsCOMPtr<nsIPrincipal> principal =
BasePrincipal::CreateContentPrincipal(uri, aAttrs);
if (NS_WARN_IF(!principal)) {
return;
}
returnInputArgument.release();
principal.forget(aPrincipal);
}
/* static */ /* static */
void AntiTrackingCommon::NotifyBlockingDecision(nsIChannel* aChannel, void AntiTrackingCommon::NotifyBlockingDecision(nsIChannel* aChannel,
BlockingDecision aDecision, BlockingDecision aDecision,
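Review bot: `aURIBeingLoaded` is dereferenced by `GetHostPort` without a check, while only `aPrincipal` is asserted; `MOZ_ASSERT(aURIBeingLoaded);` next to the existing assertion would document the precondition that the ThirdPartyUtil caller currently guarantees. The scope-exit guard is named `returnInputArgument` although it sets `*aPrincipal` to null, so a name such as `clearOutParam` would describe it better. The comment "view-source URIs will be handled by the next block" could say outright that they fall through to the empty-host return and yield no principal, if that is the intent.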


@ -22,6 +22,8 @@ class nsPIDOMWindowInner;
namespace mozilla { namespace mozilla {
class OriginAttributes;
class AntiTrackingCommon final { class AntiTrackingCommon final {
public: public:
// Normally we would include PContentParent.h here and use the // Normally we would include PContentParent.h here and use the
@ -141,6 +143,10 @@ class AntiTrackingCommon final {
static void ComputeContentBlockingAllowListPrincipal( static void ComputeContentBlockingAllowListPrincipal(
nsIPrincipal* aDocumentPrincipal, nsIPrincipal** aPrincipal); nsIPrincipal* aDocumentPrincipal, nsIPrincipal** aPrincipal);
static void RecomputeContentBlockingAllowListPrincipal(
nsIURI* aURIBeingLoaded, const OriginAttributes& aAttrs,
nsIPrincipal** aPrincipal);
enum class BlockingDecision { enum class BlockingDecision {
eBlock, eBlock,
eAllow, eAllow,